statusline
Warn
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The
statusline-command.shscript usesevalto process JSON input from the agent environment. Although it employsjq's@shfilter for escaping, evaluating strings derived from potentially attacker-controlled sources (such as workspace directory names or git worktree names) is a risky practice that could lead to command injection if escaping is bypassed. - [COMMAND_EXECUTION]: The skill's installation process requires modifying the agent's persistent configuration file (
~/.claude/settings.json) to execute the status line script. This creates a persistence mechanism where a local script is automatically executed by the agent for every interaction. - [COMMAND_EXECUTION]: The installation steps include changing file permissions via
chmod +xon the status line script to facilitate its execution. - [DATA_EXFILTRATION]: The skill accesses the agent's private configuration file (
~/.claude/settings.json) to read and merge settings. Access to such files exposes internal agent configuration and operational metadata.
Audit Metadata